Pau Lo

Linux Config Files


Can anyone help me identify the appropriate Linux files to identify the following security settings on a Linux server? I know the Solaris equivalents but require the Linux files as I'm working on a Linux server:

- Running network services, i.e. telnet, chargen, ftp etc. (in Solaris the files are /etc/inetd.conf and /etc/pam.conf)

- Password parameters, e.g. length, complexity etc. (in IBM AIX I use /etc/security/passwd, in Solaris the files are /etc/default/password and /etc/default/profile)

- Failed root login attempts (in Solaris the file is /etc/default/login)

- List of installed security patches (in Solaris the command is showrev -p)

- File systems installed / directories (in Solaris the file is /etc/vfstab)

- Users who can connect without a password (in Solaris the file is /etc/hosts.equiv)

- Users who can print through the server without a password (in Solaris the file is /etc/hosts.lpd)

Thanks
Pau Lo

ASKER

Also, in Solaris logins -p used to show users who can log in without a password, yet this doesn't seem to work on a Linux server. Is there an alternative command?
SOLUTION
Kerem ERSOY

This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
> also in solaris logins -p used to show users who can login without a password, yet this doesnt seem to
> work on a linux server, is there an alternative command?

Don't forget that most modern Linux distros come with telnet disabled by default and this is not an issue. But you can check the second column in /etc/shadow. If it is only a * then it means that the user is not allowed to login. If it is a ! then it means that this user has not been assigned a password yet. And if it contains an encrypted password, naturally it will indicate that this user has been assigned a password.

Please check your SSH configuration to make sure that it won't allow users without a password:

PermitEmptyPasswords no

Also, you can disable password authentication altogether and allow only public key authentication:

PasswordAuthentication no
PubkeyAuthentication yes

Cheers,
K.
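
An added example, not part of the post above: searching sshd_config for a keyword can mislead, because sshd uses the first value it reads for each keyword, matches keywords case-insensitively, and applies lines after a Match line only conditionally. The function names and the sample config are constructed for illustration; the defaults passed in are the OpenSSH defaults.

```shell
# sshd_effective KEYWORD DEFAULT FILE
# Prints the global value for KEYWORD: the first occurrence wins, keywords are
# case-insensitive, and lines after the first Match line are conditional.
sshd_effective() {
    awk -v want="$1" -v def="$2" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }              # strip leading whitespace
        /^#/ || /^$/ { next }               # skip comments and blank lines
        tolower($1) == "match" { exit }     # global section ends here
        { split($0, f, /[ \t=]+/) }         # "Key value" or "Key=value"
        tolower(f[1]) == want { print f[2]; found = 1; exit }
        END { if (!found) print def }
    ' "$3"
}

# Report the three settings named in the thread, with the OpenSSH defaults.
sshd_password_report() {
    echo "PermitEmptyPasswords $(sshd_effective PermitEmptyPasswords no "$1")"
    echo "PasswordAuthentication $(sshd_effective PasswordAuthentication yes "$1")"
    echo "PubkeyAuthentication $(sshd_effective PubkeyAuthentication yes "$1")"
}

# Constructed sample config, not taken from a real host.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
Protocol 2
permitemptypasswords yes
PasswordAuthentication no
PermitEmptyPasswords no
Match User backup
    PasswordAuthentication yes
EOF
sshd_password_report "$cfg"
```

On the sample, the later "PermitEmptyPasswords no" line is ignored because the lower-case "yes" line comes first.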
Pau Lo

ASKER

KeremE,

> Hi,
> In fact it depends on what distro of Linux do you use...
> Please tell me your distro so that I'll try to help.


Can this be identified running the uname -a command?

Thanks
more /etc/*release*
uname -a could be used to make an educated guess based on the reported kernel version (uname -r).
[kernel-version]-revision would usually suggest RedHat/CentOS. RedHat/CentOS are set up similarly to Solaris to maintain the major version of applications for uniformity throughout, i.e. a new version of the application will not be installed through patching, but the existing application will be "patched" if security issues etc. apply.
Pau Lo

ASKER

FAO KeremE and others reading, the distribution is Red Hat Enterprise Linux
/etc/redhat-release will tell which RHEL it is 2,3,4,5 etc.
RHN.redhat.com can be used to manage the installed packages/updates.
Depending on the version up2date might be used to keep the system up-to-date with the patches.  Kernel updates are often excluded from the automated process.  You would need to reconfigure up2date --configure or something like that.  Still it may depend on the version. Version 5 might use YUM as the update/package installer.
 
Pau Lo

ASKER

sorry version 5
The /etc/redhat-release file should tell you whether it is RHEL 5, 5.1, 5.2 or 5.3.
RHEL 5 uses yum.

tail /var/log/yum.log will show you which packages were updated/installed when since the original install.
The original install data is in /root/install.log

yum update
yum upgrade
is equivalent to downloading the MU or the Recommended patch cluster and then applying it.
yum update/upgrade [individual or a specific set of applications]
Pau Lo

ASKER

For Red Hat Enterprise 5.0, where is the password policy file, i.e. the equivalents to:
/etc/security/passwd, /etc/default/password and /etc/default/profile?

I have /etc/shadow and /etc/passwd but nowhere in these files does it say the required password complexity rules etc.
AFAIK RedHat uses pam_cracklib (/etc/pam.d/system_auth) to check passwords before they are changed.
Look at the docs:
There must be a "README.pam_cracklib" somewhere,  and there should be "/usr/share/doc/cracklib-xx" for the options you can set to require stronger passwords and such.
You can check password complexity using this command:

man pam_cracklib

Cheers,
K.
http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/security-guide/s1-wstation-pass.html
Look for the heading "Forcing Strong Passwords", which includes a reference to cracklib referenced by the earlier posters.
Pau Lo

ASKER

How about identifying running services (ftp, telnet, chargen etc.) in red hat LE? I don't have access to the server so am having to request output of files and commands...

Thanks for the help...
chkconfig --list
(last block)
Pau Lo

ASKER

Can I confirm: does the output of "man pam_cracklib" show that all passwords must have met this complexity, or is it that any new passwords must meet this complexity, but old passwords may still be weak?
netstat -an
look for LISTEN to identify which ports are being used
you can then use lsof -i:portnumber
to determine which application is bound to that port.
sestatus to see whether SELinux is enabled or not.
Check the actually defined rules in /etc/pam.d/passwd (or maybe /etc/pam.d/common-password)
Rules do only apply to new passwords, from the moment on when they're set.
Pau Lo

ASKER

thanks all...

One final question on reviewing /etc/shadow and /etc/pass...

I have 45 users, in /etc/passwd the final column which I think relates to the user's shell account, 40 users 35 users have /sbin/nologin - does this mean they cannot login to the server?

For the remaining 10 users I have checked in the /etc/shadow/ file and most seem to have a password hash in the 2nd column, but some have a * and some have !!.

Does star * mean account disabled?

What about !!?

If a user has !! in their passwords field, and access to bin/bash as shown in /etc/passwd can they login without a password?
Users with /sbin/nologin as their shell cannot login.
* is an invalid password - login by password is not possible (daemon, bin, sys etc.)
! means user cannot login at all (sshd and the like).
I can't say what "!!" might mean, but I think it's essentially the same as "!"
... one more thing
* - root can su to that user
! - no login at all (not even su by root)
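
An added example, not written by any poster in this thread, for reviewing copies of the two files offline: it joins /etc/passwd and /etc/shadow on the user name and reports whether each password field is empty, holds a hash, holds a hash prefixed with !, or holds only markers such as *, ! or !!, together with the kind of shell. The function name, state labels and sample data are constructed for illustration.

```shell
# audit_accounts PASSWD_COPY SHADOW_COPY
# Prints "user state shell-kind" for every line of the passwd copy.
audit_accounts() {
    awk -F: '
        # First input (shadow copy): remember each password field.
        NR == FNR { pw[$1] = $2; next }
        # Second input (passwd copy): classify the account.
        {
            if (!($1 in pw))             state = "NO-SHADOW-ENTRY"
            else if (pw[$1] == "")       state = "EMPTY"        # no password required
            else if (pw[$1] ~ /^[!*]+$/) state = "marker-only"  # *, ! or !!: no usable hash
            else if (pw[$1] ~ /^!/)      state = "locked-hash"  # hash prefixed with !
            else                         state = "hash"
            kind = ($7 ~ "/(nologin|false)$") ? "nologin" : "shell"
            print $1, state, kind
        }
    ' "$2" "$1"
}

# Constructed sample data, not taken from a real system.
sample_dir=$(mktemp -d)
cat > "$sample_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
alice:x:500:500::/home/alice:/bin/bash
bob:x:501:501::/home/bob:/bin/bash
carol:x:502:502::/home/carol:/bin/bash
dave:x:503:503::/home/dave:/bin/bash
EOF
cat > "$sample_dir/shadow" <<'EOF'
root:$1$CONSTRUCTED$notarealhashvalue00000:14000:0:99999:7:::
bin:*:14000:0:99999:7:::
alice:$1$CONSTRUCTED$notarealhashvalue11111:14000:0:99999:7:::
bob:!!:14000:0:99999:7:::
carol::14000:0:99999:7:::
dave:!!$1$CONSTRUCTED$notarealhashvalue22222:14000:0:99999:7:::
EOF
audit_accounts "$sample_dir/passwd" "$sample_dir/shadow"
```

Lines reporting EMPTY together with shell are the accounts to raise first in a review.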